CN1297107C - Key distribution method based on preshared key - Google Patents
Key distribution method based on preshared key Download PDFInfo
- Publication number
- CN1297107C CN1297107C CNB031215033A CN03121503A CN1297107C CN 1297107 C CN1297107 C CN 1297107C CN B031215033 A CNB031215033 A CN B031215033A CN 03121503 A CN03121503 A CN 03121503A CN 1297107 C CN1297107 C CN 1297107C
- Authority
- CN
- China
- Prior art keywords
- communication entity
- random number
- wildcard
- key
- calculate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The present invention relates to a key distribution method based on preshared keys. The method comprises the following steps: a. B receives a notification message sent by A, generates a random number R1 and sends R1 to A; b. A generates a random number R2; c. A uses the preshared keys and the random number R2 as input parameters to generate an encryption key for encrypting symmetrical keys to be transferred so as to obtain encrypted data DATAS; d. A uses the preshared keys and the random number R1 as input parameters to obtain a result value R1-R through calculation; e. A sends the random number R2, the encrypted data DATAS and the result value R1-R to B; f. B uses the preshared keys and the random number R1 as parameters to calculate and compares a calculation result with the received R1-R; if the calculation result is equal to the received R1-R, step g is carried out; if the calculation result is not equal to the received R1-R, abnormal treatment is carried out to exit the process; g. B uses the preshared keys and the random number R2 as parameters to calculate and encrypts the DATAS by using a calculation result so as to obtain a key message sent by A.
Description
Technical field
The present invention relates to field of encryption and wireless communication field, relate in particular to a kind of cryptographic key distribution method based on wildcard.
Technical background
In WLAN (wireless local area network), the information between wireless access terminal (STA) and the wireless local network connecting point (AP) is by radio transmission, so just has very big potential safety hazard between STA and the AP, need maintain secrecy to information transmitted.To maintain secrecy to information, will share key between STA and the AP.A kind of method that can generate symmetric key between STA and certificate server by the data of mutual some not need to be keep secret is arranged at present, and STA has just shared key with certificate server like this.What the symmetric key needs at certificate server place were safe is delivered to AP to reach the purpose that STA and AP share key.AP also can be to transfer by wireless local net access controller (AC) to being direct connection between the certificate server.Key need transmit between the AP at certificate server when directly connecting.When for the mode of AC switching, key need certificate server between the AC and AC transmit between the AP.But do not have security protocol to guarantee secret key safety transmission at present, thus key when certificate server is delivered to AP, be easy to be stolen, thereby finally cause the leakage of enciphered message between STA and AP.
Two communication entities just are provided with symmetric key by manual type When building their networks.In the time of will transmitting security information between them, an end uses this secret key encryption, and the other end uses identical secret key decryption.The process that security information transmits is finished in once unidirectional message transmission.
This mode can only be carried out simple security information and be transmitted, and transmits the two ends of security information and can not confirm mutually, thereby can't resist internuncial attack.
Summary of the invention
Purpose of the present invention is exactly to solve the problem that secret key safety transmits between the communication entity
For this reason, the present invention adopts following scheme:
A kind of cryptographic key distribution method based on wildcard is applicable to be provided with between the communication entity of sharing key that it may further comprise the steps:
The notification message that a, communication entity B received communication entity A send, and generation random number R 1 sends to communication entity A;
B, communication entity A produce random number R 2;
C, communication entity A use cryptographic algorithm to calculate an encryption key with wildcard and random number R 2 as input parameter, and use the encryption key that calculates that the key information that will transmit is encrypted, and obtain data encrypted DATAS;
D, communication entity A use cryptographic algorithm to calculate end value R1-R with wildcard and random number R 1 as input parameter;
E, communication entity A send to communication entity B with random number R 2, enciphered data DATAS and end value R1-R;
F, communication entity B use cryptographic algorithm to calculate as parameter with wildcard and random number R 1, and result of calculation and the R1-R that receives are compared, if the identical step g that then enters; If difference is then carried out abnormality processing, withdraw from flow process;
G, communication entity B use cryptographic algorithm to calculate as parameter with wildcard and random number R 2, use result of calculation that DATAS is decrypted, and obtain the key information that communication entity A sends.
Described step b also produces random number R 3, and described step e also comprises random number R 3 is sent to communication entity B.
Described cryptographic key distribution method based on wildcard also comprises step:
H, communication entity B are that parameter is calculated with wildcard and random number R 3, and result of calculation R3-R is returned to communication entity A;
I, communication entity A are that parameter is calculated with wildcard and random number R 3, and result of calculation and R3-R are compared, and judge whether communication entity B has received the key information that communication entity A sends.
Described cryptographic algorithm is HMAC_MD5.
Described cryptographic algorithm is HMAC_SHA1.
Described communication entity can be the access controller of certificate server, WLAN (wireless local area network), access point or other wireless access terminal of WLAN (wireless local area network).
According to the present invention, can confirm identity mutually between the communication entity, finish encryption, deciphering the transmission key information, thus can the safe transmission of finishing key.
Description of drawings
Fig. 1 is a wlan network structural representation in the prior art;
Fig. 2 is a flow chart of the present invention.
Embodiment
Below in conjunction with Figure of description the specific embodiment of the present invention is described.
As shown in Figure 2, be schematic flow sheet of the present invention, the prerequisite of this technical scheme be between communication entity safety shared key, wildcard has promptly been arranged between communication entity.This communication entity can be the access controller of certificate server, WLAN (wireless local area network), access point or other wireless access terminal of WLAN (wireless local area network).Be respectively AC and AP is an example with communication entity, the method step of realization is as follows:
1AC sends a notification message to AP, prepares to send secret information (key) to AP.
After the notified message of 2AP, produce a random number R andom1 and send to AC.
3AC carries out following processing
A) produce random number R andom2, Random3.
B) random number R andom2 is used for together encrypting the key information that will transmit with wildcard.At first use HMAC_MD5 or HMAC_SHA1 algorithm to calculate (input parameter is wildcard and Random2), use result of calculation that key information is encrypted then, obtain enciphered data DATAs.
C) AC uses HMAC_MD5 or HMAC_SHA1 algorithmic function, calculates an end value Random1_Result with wildcard and random number R andom1 as input parameter.
D) AC is DATAs, Random1_Result, and Random2, Random3 send to AP together
4AP carries out following processing after receiving the data of AC transmission:
A) AP uses HMAC_MD5 or HMAC_SHA1 algorithmic function, with wildcard and random number R andom1 is that parameter is calculated, the end value that obtains and the Randoml_Result that receives are compared, if identical then verified the identity of AC, if difference then carry out abnormality processing.
B) AP uses HMAC_MD5 or HMAC_SHA1 algorithmic function, is that parameter is calculated with wildcard and random number R andom2, uses result of calculation that the DATAs that receives is decrypted and obtains the key information that AC will send.
C) AP uses HMAC_MD5 or HMAC_SHA1 algorithmic function, is that parameter is calculated with wildcard and random number R andom3, and Random3_Result returns to AC with result calculated.
After 5AC receives the return messages of AP, use HMAC_MD5 or HMAC_SHA1 algorithmic function, carry out same calculating with wildcard and random number R andom3, compare with the Random3_Result that receives calculating the gained result, if identical then think it is that AP has received the key information that sends really.
6AC sends key information and finishes to the process of AP.In like manner AP also can send message flow security information conversely to AC.
Embodiment 1:
AC will send to AP with key in this example,, needs AC and AP to possess following function here:
Produce random number, use HMAC_MD5 or HMAC_SHA1 to calculate
Handling process is as follows:
1, AC notice AP will send private data to AP;
2, AP produces a random number R andom1 after receiving this message, and Random1 is sent to AC as the response message content;
3, AC uses Random1 and wildcard as the parameter input of selected algorithm, calculates end value Random1_Result so that AP confirms the AC identity.AC produces random number R andom2 and Random3, uses Random2 and wildcard that the security information that will transmit is encrypted, and produces encrypt data DATAs.Random3 is used for the identity of AP is confirmed.AC sends to AP with Random1_Result, DATAs, Random2, Random3 as message content;
4, AP uses the identity of Random1_Result check AC, and Random1 and wildcard calculate the DATAs data decryption is obtained data.AP uses the algorithm of choosing to go out an end value Random3_Result with Random3 and wildcard as calculation of parameter, and this end value sends to AC as the content of AP acknowledge message.AC confirms to calculate after receiving this message.
Embodiment 2:
In WLAN (wireless local area network), AC will send key to AP.AC at first sends a notification message to AP, and random number of the notified back generation of AP is used for the affirmation to AC, and this random number is sent to AC as the response message content.The random number that AC uses AP to send calculates a result to be tested, and produces two random numbers, and one is used to encrypt one and is used to check AP, after the calculating of AC is finished result calculated and random number is sent to AP.AP at first checks the identity of AC, and data decryption is obtained key then, and the random number of using AC to send calculates an end value and return to AC, is used for AC to being the affirmation that AP receives key really.
The method of the key transmission that this patent provides also can be applied between STA and the AP.When symmetric key only produces rather than simultaneously when STA and certificate server produce simultaneously, certificate server will be issued to STA with symmetric key at certificate server.After symmetric key was sent to AP, AP and STA used the interaction flow among the present invention, just can finish AP safety and transmit the process of symmetric key to STA.The method of this key distribution and existing WEP are encrypted (also can be better cryptographic algorithm) to combine and just can finish the secret of air information.
The above; only for the preferable embodiment of the present invention, but protection scope of the present invention is not limited thereto, and anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claims.
Claims (6)
1, a kind of cryptographic key distribution method based on wildcard is applicable to be provided with between the communication entity of sharing key, it is characterized in that may further comprise the steps:
The notification message that a, communication entity B received communication entity A send, and generation random number R 1 sends to communication entity A;
B, communication entity A produce random number R 2;
C, communication entity A use cryptographic algorithm to calculate an encryption key with wildcard and random number R 2 as input parameter, and use the encryption key that calculates that the key information that will transmit is encrypted, and obtain encrypting back data DATAS;
D, communication entity A use cryptographic algorithm to calculate end value R1-R with wildcard and random number R 1 as input parameter;
E, communication entity A send to communication entity B with random number R 2, encryption back data DATAS and end value R1-R;
F, communication entity B use cryptographic algorithm to calculate as parameter with wildcard and random number R 1, and result of calculation and the R1-R that receives are compared, if the identical step g that then enters; If difference is then carried out abnormality processing, withdraw from flow process;
G, communication entity B use cryptographic algorithm to calculate as parameter with wildcard and random number R 2, use result of calculation that DATAS is decrypted, and obtain the key information that communication entity A sends.
2, the cryptographic key distribution method based on wildcard as claimed in claim 1 is characterized in that described step b also produces random number R 3, and described step e also comprises random number R 3 is sent to communication entity B.
3, the cryptographic key distribution method based on wildcard as claimed in claim 2 is characterized in that also comprising step:
H, communication entity B use described cryptographic algorithm to calculate as parameter with wildcard and random number R 3, and result of calculation R3-R is returned to communication entity A;
I, communication entity A use described cryptographic algorithm to calculate as parameter with wildcard and random number R 3, and result of calculation and R3-R are compared, and judge whether communication entity B has received the key information that communication entity A sends.
4,, it is characterized in that described cryptographic algorithm is HMAC_MD5 as claim 1,2 or 3 described cryptographic key distribution methods based on wildcard.
5,, it is characterized in that described cryptographic algorithm is HMAC_SHA1 as claim 1,2 or 3 described cryptographic key distribution methods based on wildcard.
6,, it is characterized in that described communication entity is the access controller of certificate server or WLAN (wireless local area network) or access point or other wireless access terminal of WLAN (wireless local area network) as claim 1,2 or 3 described cryptographic key distribution methods based on wildcard.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB031215033A CN1297107C (en) | 2003-03-31 | 2003-03-31 | Key distribution method based on preshared key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB031215033A CN1297107C (en) | 2003-03-31 | 2003-03-31 | Key distribution method based on preshared key |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1534935A CN1534935A (en) | 2004-10-06 |
| CN1297107C true CN1297107C (en) | 2007-01-24 |
Family
ID=34285723
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB031215033A Expired - Fee Related CN1297107C (en) | 2003-03-31 | 2003-03-31 | Key distribution method based on preshared key |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1297107C (en) |
Families Citing this family (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100446019C (en) * | 2006-07-19 | 2008-12-24 | 北京飞天诚信科技有限公司 | Software copyright protection method |
| CN100448196C (en) * | 2006-12-29 | 2008-12-31 | 西安西电捷通无线网络通信有限公司 | WAPI-based wireless LAN operation method |
| KR101331377B1 (en) | 2007-06-11 | 2013-11-20 | 엔엑스피 비 브이 | Method of authentication and electronic device for performing the authentication |
| CN101325582B (en) * | 2007-06-15 | 2012-08-08 | 华为技术有限公司 | Method, system and apparatus for protecting proxy mobile internet protocol signalling |
| CN101329720B (en) * | 2008-08-01 | 2011-06-01 | 西安西电捷通无线网络通信股份有限公司 | Anonymous bidirectional authentication method based on pre-sharing cipher key |
| CN101902324B (en) * | 2010-04-29 | 2012-11-07 | 天维讯达无线电设备检测(北京)有限责任公司 | Method and system for establishing communication key between nodes |
| CN102281261A (en) * | 2010-06-10 | 2011-12-14 | 杭州华三通信技术有限公司 | Data transmission method, system and apparatus |
| CN102186172B (en) * | 2011-04-13 | 2013-08-28 | 北京理工大学 | Method for scanning state of adaptive wireless channel generated by shared secret key |
| CN102404731B (en) * | 2011-12-31 | 2014-03-12 | 重庆邮电大学 | Wireless sensor network dynamic encryption method based on encryption parameter lists |
| US9585012B2 (en) * | 2012-05-14 | 2017-02-28 | Futurewei Technologies, Inc. | System and method for establishing a secure connection in communications systems |
| CN102801520B (en) * | 2012-07-31 | 2015-03-25 | 深圳光启创新技术有限公司 | Method and system for encryption communication |
| CN103634266B (en) * | 2012-08-21 | 2017-05-24 | 上海凌攀信息科技有限公司 | A bidirectional authentication method for a server and a terminal |
| CN103843449A (en) * | 2012-09-28 | 2014-06-04 | 华为技术有限公司 | Protocol stack type negotiation method and device |
| CN105577365B (en) * | 2014-11-11 | 2019-04-26 | 中国移动通信集团公司 | A kind of user accesses the cryptographic key negotiation method and device of WLAN |
| CN105162791B (en) * | 2015-09-23 | 2018-07-17 | 盛科网络(苏州)有限公司 | The method and device of shared key is used based on CAPWAP |
| CN105553981B (en) * | 2015-12-18 | 2019-03-22 | 成都三零瑞通移动通信有限公司 | A kind of wlan network rapid authentication and cryptographic key negotiation method |
| CN109962767A (en) * | 2017-12-25 | 2019-07-02 | 航天信息股份有限公司 | A kind of safety communicating method |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1249588A (en) * | 1998-07-31 | 2000-04-05 | 朗迅科技公司 | Method for updating encrypted shared data in radio communication system |
| JP2002118544A (en) * | 2000-10-04 | 2002-04-19 | Murata Mach Ltd | Encipherment method, cipher communication method, secret key generation method and shared key generation method, cipher communication system and secret key generation device, shared key generation device and recording medium |
-
2003
- 2003-03-31 CN CNB031215033A patent/CN1297107C/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1249588A (en) * | 1998-07-31 | 2000-04-05 | 朗迅科技公司 | Method for updating encrypted shared data in radio communication system |
| JP2002118544A (en) * | 2000-10-04 | 2002-04-19 | Murata Mach Ltd | Encipherment method, cipher communication method, secret key generation method and shared key generation method, cipher communication system and secret key generation device, shared key generation device and recording medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1534935A (en) | 2004-10-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1297107C (en) | Key distribution method based on preshared key | |
| CN1324502C (en) | Method for discriminating invited latent member to take part in group | |
| CN1186580A (en) | Computer-assisted method for exchange of crytographic keys between user computer and network computer unit | |
| CN1191696C (en) | Sefe access of movable terminal in radio local area network and secrete data communication method in radio link | |
| CN1191703C (en) | Safe inserting method of wide-band wireless IP system mobile terminal | |
| CN1124759C (en) | Safe access method of mobile terminal to radio local area network | |
| CN1659821A (en) | Method for secure data exchange between two devices | |
| CN1620005A (en) | Method of safety transmitting key | |
| CN101651539A (en) | updating and distributing encryption keys | |
| CN1312991A (en) | Seque processing for authentication of wireless communications device | |
| CN112671710B (en) | Security encryption device based on national cryptographic algorithm, bidirectional authentication and encryption method | |
| CN1564509A (en) | Key consaltation method in radio LAN | |
| CN112636923B (en) | Engineering machinery CAN equipment identity authentication method and system | |
| CN1534936A (en) | Key distribution method in radio local network based on public key certificate mechanism | |
| CN114826656A (en) | Trusted data link transmission method and system | |
| CN1534931A (en) | Method of forming dynamic key in radio local network | |
| EP1417801B1 (en) | Security in communications networks | |
| CN1268150C (en) | Method for establishing connection between terminal and operating mobile radio network, mobile radio network and terminal used in such method | |
| CN101057446A (en) | Method and apparatus for receiving broadcast content | |
| CN1627682A (en) | Method for creating dynamic cipher at time of building connection in network transmission | |
| CN1630404A (en) | Method of cipher key management, distribution, and transfer during subscriber switch in digital cellular mobile communication system | |
| CN1668000A (en) | Authentication and encryption method for wireless network | |
| CN1897520A (en) | Method and system for verifying telecommunication safety | |
| CN116318997A (en) | Bidirectional identity authentication method between terminal and gateway | |
| CN101047945A (en) | Mobile communication system and customer temporary identity distribution method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20070124 Termination date: 20130331 |